cvss-suite 3.0.1 → 3.3.0
- checksums.yaml +4 -4
- data/.github/workflows/rspec.yml +4 -4
- data/.github/workflows/rubocop.yml +3 -4
- data/.rspec +1 -0
- data/.rubocop.yml +20 -0
- data/.rubocop_todo.yml +2 -2
- data/CHANGES.md +34 -0
- data/CODE_OF_CONDUCT.md +0 -5
- data/Gemfile +0 -6
- data/LICENSE.md +12 -2
- data/README.md +20 -11
- data/cvss_suite.gemspec +12 -14
- data/lib/cvss_suite/cvss.rb +7 -55
- data/lib/cvss_suite/cvss2/cvss2.rb +2 -8
- data/lib/cvss_suite/cvss2/cvss2_base.rb +0 -6
- data/lib/cvss_suite/cvss2/cvss2_environmental.rb +0 -6
- data/lib/cvss_suite/cvss2/cvss2_temporal.rb +0 -6
- data/lib/cvss_suite/cvss3/cvss3.rb +8 -8
- data/lib/cvss_suite/cvss3/cvss3_base.rb +8 -14
- data/lib/cvss_suite/cvss3/cvss3_environmental.rb +11 -17
- data/lib/cvss_suite/cvss3/cvss3_temporal.rb +3 -9
- data/lib/cvss_suite/cvss31/cvss31.rb +8 -8
- data/lib/cvss_suite/cvss31/cvss31_base.rb +8 -14
- data/lib/cvss_suite/cvss31/cvss31_environmental.rb +11 -17
- data/lib/cvss_suite/cvss31/cvss31_temporal.rb +3 -9
- data/lib/cvss_suite/cvss40/cvss40.rb +43 -0
- data/lib/cvss_suite/cvss40/cvss40_all_up.rb +40 -0
- data/lib/cvss_suite/cvss40/cvss40_base.rb +86 -0
- data/lib/cvss_suite/cvss40/cvss40_calc_helper.rb +397 -0
- data/lib/cvss_suite/cvss40/cvss40_constants_levels.rb +26 -0
- data/lib/cvss_suite/cvss40/cvss40_constants_macro_vector_lookup.rb +278 -0
- data/lib/cvss_suite/cvss40/cvss40_constants_max_composed.rb +41 -0
- data/lib/cvss_suite/cvss40/cvss40_constants_max_severity.rb +31 -0
- data/lib/cvss_suite/cvss40/cvss40_environmental.rb +105 -0
- data/lib/cvss_suite/cvss40/cvss40_environmental_security.rb +47 -0
- data/lib/cvss_suite/cvss40/cvss40_supplemental.rb +66 -0
- data/lib/cvss_suite/cvss40/cvss40_threat.rb +34 -0
- data/lib/cvss_suite/cvss_31_and_before.rb +61 -0
- data/lib/cvss_suite/cvss_40_and_later.rb +51 -0
- data/lib/cvss_suite/cvss_metric.rb +7 -7
- data/lib/cvss_suite/cvss_property.rb +23 -8
- data/lib/cvss_suite/errors.rb +0 -6
- data/lib/cvss_suite/helpers/cvss31_helper.rb +0 -6
- data/lib/cvss_suite/helpers/cvss3_helper.rb +0 -6
- data/lib/cvss_suite/invalid_cvss.rb +0 -6
- data/lib/cvss_suite/version.rb +1 -7
- data/lib/cvss_suite.rb +48 -11
- metadata +40 -11
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2016-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -55,66 +49,66 @@ module CvssSuite
|
|
55
49
|
|
56
50
|
def init_properties
|
57
51
|
@properties.push(@confidentiality_requirement =
|
58
|
-
CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR',
|
52
|
+
CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR',
|
59
53
|
values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
|
60
54
|
{ name: 'Medium', abbreviation: 'M', weight: 1.0 },
|
61
55
|
{ name: 'High', abbreviation: 'H', weight: 1.5 },
|
62
56
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
63
57
|
@properties.push(@integrity_requirement =
|
64
|
-
CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR',
|
58
|
+
CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR',
|
65
59
|
values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
|
66
60
|
{ name: 'Medium', abbreviation: 'M', weight: 1.0 },
|
67
61
|
{ name: 'High', abbreviation: 'H', weight: 1.5 },
|
68
62
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
69
63
|
|
70
64
|
@properties.push(@availability_requirement =
|
71
|
-
CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR',
|
65
|
+
CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR',
|
72
66
|
values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
|
73
67
|
{ name: 'Medium', abbreviation: 'M', weight: 1.0 },
|
74
68
|
{ name: 'High', abbreviation: 'H', weight: 1.5 },
|
75
69
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
76
70
|
@properties.push(@modified_attack_vector =
|
77
|
-
CvssProperty.new(name: 'Modified Attack Vector', abbreviation: 'MAV',
|
71
|
+
CvssProperty.new(name: 'Modified Attack Vector', abbreviation: 'MAV',
|
78
72
|
values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 },
|
79
73
|
{ name: 'Adjacent Network', abbreviation: 'A', weight: 0.62 },
|
80
74
|
{ name: 'Local', abbreviation: 'L', weight: 0.55 },
|
81
75
|
{ name: 'Physical', abbreviation: 'P', weight: 0.2 },
|
82
76
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
83
77
|
@properties.push(@modified_attack_complexity =
|
84
|
-
CvssProperty.new(name: 'Modified Attack Complexity', abbreviation: 'MAC',
|
78
|
+
CvssProperty.new(name: 'Modified Attack Complexity', abbreviation: 'MAC',
|
85
79
|
values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 },
|
86
80
|
{ name: 'High', abbreviation: 'H', weight: 0.44 },
|
87
81
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
88
82
|
@properties.push(@modified_privileges_required =
|
89
|
-
CvssProperty.new(name: 'Modified Privileges Required', abbreviation: 'MPR',
|
83
|
+
CvssProperty.new(name: 'Modified Privileges Required', abbreviation: 'MPR',
|
90
84
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
|
91
85
|
{ name: 'Low', abbreviation: 'L', weight: 0.62 },
|
92
86
|
{ name: 'High', abbreviation: 'H', weight: 0.27 },
|
93
87
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
94
88
|
@properties.push(@modified_user_interaction =
|
95
|
-
CvssProperty.new(name: 'Modified User Interaction', abbreviation: 'MUI',
|
89
|
+
CvssProperty.new(name: 'Modified User Interaction', abbreviation: 'MUI',
|
96
90
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
|
97
91
|
{ name: 'Required', abbreviation: 'R', weight: 0.62 },
|
98
92
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
99
93
|
@properties.push(@modified_scope =
|
100
|
-
CvssProperty.new(name: 'Modified Scope', abbreviation: 'MS',
|
94
|
+
CvssProperty.new(name: 'Modified Scope', abbreviation: 'MS',
|
101
95
|
values: [{ name: 'Changed', abbreviation: 'C' },
|
102
96
|
{ name: 'Unchanged', abbreviation: 'U' },
|
103
97
|
{ name: 'Not Defined', abbreviation: 'X' }]))
|
104
98
|
@properties.push(@modified_confidentiality =
|
105
|
-
CvssProperty.new(name: 'Modified Confidentiality', abbreviation: 'MC',
|
99
|
+
CvssProperty.new(name: 'Modified Confidentiality', abbreviation: 'MC',
|
106
100
|
values: [{ name: 'None', abbreviation: 'N', weight: 0 },
|
107
101
|
{ name: 'Low', abbreviation: 'L', weight: 0.22 },
|
108
102
|
{ name: 'High', abbreviation: 'H', weight: 0.56 },
|
109
103
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
110
104
|
@properties.push(@modified_integrity =
|
111
|
-
CvssProperty.new(name: 'Modified Integrity', abbreviation: 'MI',
|
105
|
+
CvssProperty.new(name: 'Modified Integrity', abbreviation: 'MI',
|
112
106
|
values: [{ name: 'None', abbreviation: 'N', weight: 0 },
|
113
107
|
{ name: 'Low', abbreviation: 'L', weight: 0.22 },
|
114
108
|
{ name: 'High', abbreviation: 'H', weight: 0.56 },
|
115
109
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
116
110
|
@properties.push(@modified_availability =
|
117
|
-
CvssProperty.new(name: 'Modified Availability', abbreviation: 'MA',
|
111
|
+
CvssProperty.new(name: 'Modified Availability', abbreviation: 'MA',
|
118
112
|
values: [{ name: 'None', abbreviation: 'N', weight: 0 },
|
119
113
|
{ name: 'Low', abbreviation: 'L', weight: 0.22 },
|
120
114
|
{ name: 'High', abbreviation: 'H', weight: 0.56 },
|
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2016-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -32,14 +26,14 @@ module CvssSuite
|
|
32
26
|
|
33
27
|
def init_properties
|
34
28
|
@properties.push(@exploit_code_maturity =
|
35
|
-
CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E',
|
29
|
+
CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E',
|
36
30
|
values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
|
37
31
|
{ name: 'Unproven', abbreviation: 'U', weight: 0.91 },
|
38
32
|
{ name: 'Proof-of-Concept', abbreviation: 'P', weight: 0.94 },
|
39
33
|
{ name: 'Functional', abbreviation: 'F', weight: 0.97 },
|
40
34
|
{ name: 'High', abbreviation: 'H', weight: 1.0 }]))
|
41
35
|
@properties.push(@remediation_level =
|
42
|
-
CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL',
|
36
|
+
CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL',
|
43
37
|
values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
|
44
38
|
{ name: 'Official Fix', abbreviation: 'O', weight: 0.95 },
|
45
39
|
{ name: 'Temporary Fix', abbreviation: 'T', weight: 0.96 },
|
@@ -47,7 +41,7 @@ module CvssSuite
|
|
47
41
|
{ name: 'Unavailable', abbreviation: 'U', weight: 1.0 }]))
|
48
42
|
|
49
43
|
@properties.push(@report_confidence =
|
50
|
-
CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC',
|
44
|
+
CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC',
|
51
45
|
values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
|
52
46
|
{ name: 'Unknown', abbreviation: 'U', weight: 0.92 },
|
53
47
|
{ name: 'Reasonable', abbreviation: 'R', weight: 0.96 },
|
@@ -1,15 +1,9 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2019-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
12
|
-
require_relative '../
|
6
|
+
require_relative '../cvss_31_and_before'
|
13
7
|
require_relative 'cvss31_base'
|
14
8
|
require_relative 'cvss31_temporal'
|
15
9
|
require_relative 'cvss31_environmental'
|
@@ -18,7 +12,7 @@ require_relative '../helpers/cvss31_helper'
|
|
18
12
|
module CvssSuite
|
19
13
|
##
|
20
14
|
# This class represents a CVSS vector in version 3.1.
|
21
|
-
class Cvss31 <
|
15
|
+
class Cvss31 < Cvss31AndBefore
|
22
16
|
##
|
23
17
|
# Returns the Version of the CVSS vector.
|
24
18
|
|
@@ -50,6 +44,12 @@ module CvssSuite
|
|
50
44
|
Cvss31Helper.round_up(@environmental.score(@base, @temporal))
|
51
45
|
end
|
52
46
|
|
47
|
+
##
|
48
|
+
# Returns the vector itself.
|
49
|
+
def vector
|
50
|
+
"#{CvssSuite::CVSS_VECTOR_BEGINNINGS.find { |beginning| beginning[:version] == version }[:string]}#{@vector}"
|
51
|
+
end
|
52
|
+
|
53
53
|
private
|
54
54
|
|
55
55
|
def init_metrics
|
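Review bot: In the added `vector` method, `CvssSuite::CVSS_VECTOR_BEGINNINGS.find { ... }` returns nil when no entry matches `version`, and the chained `[:string]` then raises a bare NoMethodError instead of a deliberate error from the gem. The table is defined outside this section, so whether a miss can happen is not confirmable from here; the lookup also relies on `==` against the value `version` returns (a Float literal in `Cvss40`). A guarded form such as `prefix = CvssSuite::CVSS_VECTOR_BEGINNINGS.find { |b| b[:version] == version }&.fetch(:string)` followed by an explicit raise when `prefix` is nil would make the failure intentional. The identical line is added in `Cvss40#vector` (cvss40.rb), so the method could live once in a shared parent. The class body continues outside the hunk.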
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2019-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -52,40 +46,40 @@ module CvssSuite
|
|
52
46
|
|
53
47
|
def init_properties
|
54
48
|
@properties.push(@attack_vector =
|
55
|
-
CvssProperty.new(name: 'Attack Vector', abbreviation: 'AV',
|
49
|
+
CvssProperty.new(name: 'Attack Vector', abbreviation: 'AV',
|
56
50
|
values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 },
|
57
51
|
{ name: 'Adjacent', abbreviation: 'A', weight: 0.62 },
|
58
52
|
{ name: 'Local', abbreviation: 'L', weight: 0.55 },
|
59
53
|
{ name: 'Physical', abbreviation: 'P', weight: 0.2 }]))
|
60
54
|
@properties.push(@attack_complexity =
|
61
|
-
CvssProperty.new(name: 'Attack Complexity', abbreviation: 'AC',
|
55
|
+
CvssProperty.new(name: 'Attack Complexity', abbreviation: 'AC',
|
62
56
|
values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 },
|
63
57
|
{ name: 'High', abbreviation: 'H', weight: 0.44 }]))
|
64
58
|
@properties.push(@privileges_required =
|
65
|
-
CvssProperty.new(name: 'Privileges Required', abbreviation: 'PR',
|
59
|
+
CvssProperty.new(name: 'Privileges Required', abbreviation: 'PR',
|
66
60
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
|
67
61
|
{ name: 'Low', abbreviation: 'L', weight: 0.62 },
|
68
62
|
{ name: 'High', abbreviation: 'H', weight: 0.27 }]))
|
69
63
|
@properties.push(@user_interaction =
|
70
|
-
CvssProperty.new(name: 'User Interaction', abbreviation: 'UI',
|
64
|
+
CvssProperty.new(name: 'User Interaction', abbreviation: 'UI',
|
71
65
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
|
72
66
|
{ name: 'Required', abbreviation: 'R', weight: 0.62 }]))
|
73
67
|
@properties.push(@scope =
|
74
|
-
CvssProperty.new(name: 'Scope', abbreviation: 'S',
|
68
|
+
CvssProperty.new(name: 'Scope', abbreviation: 'S',
|
75
69
|
values: [{ name: 'Unchanged', abbreviation: 'U' },
|
76
70
|
{ name: 'Changed', abbreviation: 'C' }]))
|
77
71
|
@properties.push(@confidentiality =
|
78
|
-
CvssProperty.new(name: 'Confidentiality', abbreviation: 'C',
|
72
|
+
CvssProperty.new(name: 'Confidentiality', abbreviation: 'C',
|
79
73
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
|
80
74
|
{ name: 'Low', abbreviation: 'L', weight: 0.22 },
|
81
75
|
{ name: 'High', abbreviation: 'H', weight: 0.56 }]))
|
82
76
|
@properties.push(@integrity =
|
83
|
-
CvssProperty.new(name: 'Integrity', abbreviation: 'I',
|
77
|
+
CvssProperty.new(name: 'Integrity', abbreviation: 'I',
|
84
78
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
|
85
79
|
{ name: 'Low', abbreviation: 'L', weight: 0.22 },
|
86
80
|
{ name: 'High', abbreviation: 'H', weight: 0.56 }]))
|
87
81
|
@properties.push(@availability =
|
88
|
-
CvssProperty.new(name: 'Availability', abbreviation: 'A',
|
82
|
+
CvssProperty.new(name: 'Availability', abbreviation: 'A',
|
89
83
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.0 },
|
90
84
|
{ name: 'Low', abbreviation: 'L', weight: 0.22 },
|
91
85
|
{ name: 'High', abbreviation: 'H', weight: 0.56 }]))
|
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2019-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -55,66 +49,66 @@ module CvssSuite
|
|
55
49
|
|
56
50
|
def init_properties
|
57
51
|
@properties.push(@confidentiality_requirement =
|
58
|
-
CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR',
|
52
|
+
CvssProperty.new(name: 'Confidentiality Requirement', abbreviation: 'CR',
|
59
53
|
values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
|
60
54
|
{ name: 'Medium', abbreviation: 'M', weight: 1.0 },
|
61
55
|
{ name: 'High', abbreviation: 'H', weight: 1.5 },
|
62
56
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
63
57
|
@properties.push(@integrity_requirement =
|
64
|
-
CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR',
|
58
|
+
CvssProperty.new(name: 'Integrity Requirement', abbreviation: 'IR',
|
65
59
|
values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
|
66
60
|
{ name: 'Medium', abbreviation: 'M', weight: 1.0 },
|
67
61
|
{ name: 'High', abbreviation: 'H', weight: 1.5 },
|
68
62
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
69
63
|
|
70
64
|
@properties.push(@availability_requirement =
|
71
|
-
CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR',
|
65
|
+
CvssProperty.new(name: 'Availability Requirement', abbreviation: 'AR',
|
72
66
|
values: [{ name: 'Low', abbreviation: 'L', weight: 0.5 },
|
73
67
|
{ name: 'Medium', abbreviation: 'M', weight: 1.0 },
|
74
68
|
{ name: 'High', abbreviation: 'H', weight: 1.5 },
|
75
69
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
76
70
|
@properties.push(@modified_attack_vector =
|
77
|
-
CvssProperty.new(name: 'Modified Attack Vector', abbreviation: 'MAV',
|
71
|
+
CvssProperty.new(name: 'Modified Attack Vector', abbreviation: 'MAV',
|
78
72
|
values: [{ name: 'Network', abbreviation: 'N', weight: 0.85 },
|
79
73
|
{ name: 'Adjacent Network', abbreviation: 'A', weight: 0.62 },
|
80
74
|
{ name: 'Local', abbreviation: 'L', weight: 0.55 },
|
81
75
|
{ name: 'Physical', abbreviation: 'P', weight: 0.2 },
|
82
76
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
83
77
|
@properties.push(@modified_attack_complexity =
|
84
|
-
CvssProperty.new(name: 'Modified Attack Complexity', abbreviation: 'MAC',
|
78
|
+
CvssProperty.new(name: 'Modified Attack Complexity', abbreviation: 'MAC',
|
85
79
|
values: [{ name: 'Low', abbreviation: 'L', weight: 0.77 },
|
86
80
|
{ name: 'High', abbreviation: 'H', weight: 0.44 },
|
87
81
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
88
82
|
@properties.push(@modified_privileges_required =
|
89
|
-
CvssProperty.new(name: 'Modified Privileges Required', abbreviation: 'MPR',
|
83
|
+
CvssProperty.new(name: 'Modified Privileges Required', abbreviation: 'MPR',
|
90
84
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
|
91
85
|
{ name: 'Low', abbreviation: 'L', weight: 0.62 },
|
92
86
|
{ name: 'High', abbreviation: 'H', weight: 0.27 },
|
93
87
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
94
88
|
@properties.push(@modified_user_interaction =
|
95
|
-
CvssProperty.new(name: 'Modified User Interaction', abbreviation: 'MUI',
|
89
|
+
CvssProperty.new(name: 'Modified User Interaction', abbreviation: 'MUI',
|
96
90
|
values: [{ name: 'None', abbreviation: 'N', weight: 0.85 },
|
97
91
|
{ name: 'Required', abbreviation: 'R', weight: 0.62 },
|
98
92
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
99
93
|
@properties.push(@modified_scope =
|
100
|
-
CvssProperty.new(name: 'Modified Scope', abbreviation: 'MS',
|
94
|
+
CvssProperty.new(name: 'Modified Scope', abbreviation: 'MS',
|
101
95
|
values: [{ name: 'Changed', abbreviation: 'C' },
|
102
96
|
{ name: 'Unchanged', abbreviation: 'U' },
|
103
97
|
{ name: 'Not Defined', abbreviation: 'X' }]))
|
104
98
|
@properties.push(@modified_confidentiality =
|
105
|
-
CvssProperty.new(name: 'Modified Confidentiality', abbreviation: 'MC',
|
99
|
+
CvssProperty.new(name: 'Modified Confidentiality', abbreviation: 'MC',
|
106
100
|
values: [{ name: 'None', abbreviation: 'N', weight: 0 },
|
107
101
|
{ name: 'Low', abbreviation: 'L', weight: 0.22 },
|
108
102
|
{ name: 'High', abbreviation: 'H', weight: 0.56 },
|
109
103
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
110
104
|
@properties.push(@modified_integrity =
|
111
|
-
CvssProperty.new(name: 'Modified Integrity', abbreviation: 'MI',
|
105
|
+
CvssProperty.new(name: 'Modified Integrity', abbreviation: 'MI',
|
112
106
|
values: [{ name: 'None', abbreviation: 'N', weight: 0 },
|
113
107
|
{ name: 'Low', abbreviation: 'L', weight: 0.22 },
|
114
108
|
{ name: 'High', abbreviation: 'H', weight: 0.56 },
|
115
109
|
{ name: 'Not Defined', abbreviation: 'X', weight: 1 }]))
|
116
110
|
@properties.push(@modified_availability =
|
117
|
-
CvssProperty.new(name: 'Modified Availability', abbreviation: 'MA',
|
111
|
+
CvssProperty.new(name: 'Modified Availability', abbreviation: 'MA',
|
118
112
|
values: [{ name: 'None', abbreviation: 'N', weight: 0 },
|
119
113
|
{ name: 'Low', abbreviation: 'L', weight: 0.22 },
|
120
114
|
{ name: 'High', abbreviation: 'H', weight: 0.56 },
|
@@ -1,11 +1,5 @@
|
|
1
1
|
# CVSS-Suite, a Ruby gem to manage the CVSS vector
|
2
2
|
#
|
3
|
-
# Copyright (c) 2019-2022 Siemens AG
|
4
|
-
# Copyright (c) 2022 0llirocks
|
5
|
-
#
|
6
|
-
# Authors:
|
7
|
-
# 0llirocks <http://0lli.rocks>
|
8
|
-
#
|
9
3
|
# This work is licensed under the terms of the MIT license.
|
10
4
|
# See the LICENSE.md file in the top-level directory.
|
11
5
|
|
@@ -32,14 +26,14 @@ module CvssSuite
|
|
32
26
|
|
33
27
|
def init_properties
|
34
28
|
@properties.push(@exploit_code_maturity =
|
35
|
-
CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E',
|
29
|
+
CvssProperty.new(name: 'Exploit Code Maturity', abbreviation: 'E',
|
36
30
|
values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
|
37
31
|
{ name: 'Unproven', abbreviation: 'U', weight: 0.91 },
|
38
32
|
{ name: 'Proof-of-Concept', abbreviation: 'P', weight: 0.94 },
|
39
33
|
{ name: 'Functional', abbreviation: 'F', weight: 0.97 },
|
40
34
|
{ name: 'High', abbreviation: 'H', weight: 1.0 }]))
|
41
35
|
@properties.push(@remediation_level =
|
42
|
-
CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL',
|
36
|
+
CvssProperty.new(name: 'Remediation Level', abbreviation: 'RL',
|
43
37
|
values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
|
44
38
|
{ name: 'Official Fix', abbreviation: 'O', weight: 0.95 },
|
45
39
|
{ name: 'Temporary Fix', abbreviation: 'T', weight: 0.96 },
|
@@ -47,7 +41,7 @@ module CvssSuite
|
|
47
41
|
{ name: 'Unavailable', abbreviation: 'U', weight: 1.0 }]))
|
48
42
|
|
49
43
|
@properties.push(@report_confidence =
|
50
|
-
CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC',
|
44
|
+
CvssProperty.new(name: 'Report Confidence', abbreviation: 'RC',
|
51
45
|
values: [{ name: 'Not Defined', abbreviation: 'X', weight: 1.0 },
|
52
46
|
{ name: 'Unknown', abbreviation: 'U', weight: 0.92 },
|
53
47
|
{ name: 'Reasonable', abbreviation: 'R', weight: 0.96 },
|
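--- a/data/lib/cvss_suite/cvss40/cvss40.rb
+++ b/data/lib/cvss_suite/cvss40/cvss40.rb
@@ -0,0 +1,43 @@
+# CVSS-Suite, a Ruby gem to manage the CVSS vector
+#
+# This work is licensed under the terms of the MIT license.
+# See the LICENSE.md file in the top-level directory.
+
+require_relative '../cvss_40_and_later'
+require_relative 'cvss40_base'
+require_relative 'cvss40_supplemental'
+require_relative 'cvss40_threat'
+require_relative 'cvss40_environmental'
+require_relative 'cvss40_environmental_security'
+require_relative 'cvss40_all_up'
+
+module CvssSuite
+##
+# This class represents a CVSS vector in version 4.0.
+class Cvss40 < Cvss40AndLater
+##
+# Returns the Version of the CVSS vector.
+
+def version
+4.0
+end
+
+##
+# Returns the vector itself.
+def vector
+"#{CvssSuite::CVSS_VECTOR_BEGINNINGS.find { |beginning| beginning[:version] == version }[:string]}#{@vector}"
+end
+
+private
+
+def init_metrics
+@base = Cvss40Base.new(@properties)
+@threat = Cvss40Threat.new(@properties)
+@environmental = Cvss40Environmental.new(@properties)
+@environmental_security = Cvss40EnvironmentalSecurity.new(@properties)
+@supplemental = Cvss40Supplemental.new(@properties)
+
+@all_up = Cvss40AllUp.new(@properties, @base, @threat, @environmental, @environmental_security, @supplemental)
+end
+end
+end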
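Review bot: `init_metrics` depends on a construction order that nothing in the method records. `Cvss40AllUp#init_properties` (cvss40_all_up.rb) reads `@base.properties`, `@threat.properties` and the other three metrics, so `@all_up` has to be assigned after all five. A comment above the last assignment, for example `# Must stay last: Cvss40AllUp collects the properties of the five metrics built above.`, would stop a later reorder from handing a nil metric to the all-up score.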
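--- a/data/lib/cvss_suite/cvss40/cvss40_all_up.rb
+++ b/data/lib/cvss_suite/cvss40/cvss40_all_up.rb
@@ -0,0 +1,40 @@
+# CVSS-Suite, a Ruby gem to manage the CVSS vector
+#
+# This work is licensed under the terms of the MIT license.
+# See the LICENSE.md file in the top-level directory.
+
+require_relative '../cvss_property'
+require_relative '../cvss_metric'
+require_relative 'cvss40_base'
+require_relative 'cvss40_threat'
+
+module CvssSuite
+##
+# This class represents a CVSS Threat metric in version 3.1.
+class Cvss40AllUp < CvssMetric
+##
+# Returns score of this metric
+def score
+Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
+end
+
+def initialize(properties, base, threat, environmental, environmental_security, supplemental)
+@properties_to_later_initialize_from = properties
+@base = base
+@threat = threat
+@environmental = environmental
+@environmental_security = environmental_security
+@supplemental = supplemental
+super(properties)
+end
+
+private
+
+def init_properties
+# All up takes it's properties from all other scores
+properties_to_add = @base.properties + @threat.properties + @environmental.properties +
+@environmental_security.properties + @supplemental.properties
+properties_to_add.each { |p| @properties.push p }
+end
+end
+end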
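Review bot: The class comment on `Cvss40AllUp` says "CVSS Threat metric in version 3.1", which looks copied from another file and describes neither the class nor the version. Since this is the object that yields the combined 4.0 score, I would reword it to something like `# This class represents the combined (all-up) CVSS score in version 4.0, built from the base, threat, environmental and supplemental metrics.` In `initialize`, `@properties_to_later_initialize_from` is assigned but never read anywhere in this file; unless `CvssMetric` uses it (not visible here), it can be dropped. The inline comment in `init_properties` should read "its properties".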
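--- a/data/lib/cvss_suite/cvss40/cvss40_base.rb
+++ b/data/lib/cvss_suite/cvss40/cvss40_base.rb
@@ -0,0 +1,86 @@
+# CVSS-Suite, a Ruby gem to manage the CVSS vector
+#
+# This work is licensed under the terms of the MIT license.
+# See the LICENSE.md file in the top-level directory.
+
+require_relative '../cvss_property'
+require_relative '../cvss_metric'
+require_relative 'cvss40_calc_helper'
+
+module CvssSuite
+##
+# This class represents a CVSS Base metric in version 4.0.
+class Cvss40Base < CvssMetric
+##
+# Property of this metric
+
+attr_reader :attack_vector, :attack_complexity, :attack_requirements, :privileges_required, :user_interaction,
+:vulnerable_system_confidentiality, :vulnerable_system_integrity, :vulnerable_system_availability,
+:subsequent_system_confidentiality, :subsequent_system_integrity, :subsequent_system_availability
+
+##
+# Returns score of this metric
+def score
+Cvss40CalcHelper.new(@properties.map { |p| [p.abbreviation, p.selected_value[:abbreviation]] }.to_h).score
+end
+
+private
+
+def init_properties
+@properties.push(@attack_vector =
+CvssProperty.new(name: 'Attack Vector', abbreviation: 'AV',
+values: [{ name: 'Network', abbreviation: 'N' },
+{ name: 'Adjacent', abbreviation: 'A' },
+{ name: 'Local', abbreviation: 'L' },
+{ name: 'Physical', abbreviation: 'P' }]))
+@properties.push(@attack_complexity =
+CvssProperty.new(name: 'Attack Complexity', abbreviation: 'AC',
+values: [{ name: 'Low', abbreviation: 'L' },
+{ name: 'High', abbreviation: 'H' }]))
+@properties.push(@attack_requirements =
+CvssProperty.new(name: 'Attack Requirements', abbreviation: 'AT',
+values: [{ name: 'None', abbreviation: 'N' },
+{ name: 'Present', abbreviation: 'P' }]))
+@properties.push(@privileges_required =
+CvssProperty.new(name: 'Privileges Required', abbreviation: 'PR',
+values: [{ name: 'None', abbreviation: 'N' },
+{ name: 'Low', abbreviation: 'L' },
+{ name: 'High', abbreviation: 'H' }]))
+@properties.push(@user_interaction =
+CvssProperty.new(name: 'User Interaction', abbreviation: 'UI',
+values: [{ name: 'None', abbreviation: 'N' },
+{ name: 'Passive', abbreviation: 'P' },
+{ name: 'Active', abbreviation: 'A' }]))
+@properties.push(@vulnerable_system_confidentiality =
+CvssProperty.new(name: 'Vulnerable System Confidentiality Impact', abbreviation: 'VC',
+values: [{ name: 'None', abbreviation: 'N' },
+{ name: 'Low', abbreviation: 'L' },
+{ name: 'High', abbreviation: 'H' }]))
+@properties.push(@vulnerable_system_integrity =
+CvssProperty.new(name: 'Vulnerable System Integrity Impact', abbreviation: 'VI',
+values: [{ name: 'None', abbreviation: 'N' },
+{ name: 'Low', abbreviation: 'L' },
+{ name: 'High', abbreviation: 'H' }]))
+@properties.push(@vulnerable_system_availability =
+CvssProperty.new(name: 'Vulnerable System Availability Impact', abbreviation: 'VA',
+values: [{ name: 'None', abbreviation: 'N' },
+{ name: 'Low', abbreviation: 'L' },
+{ name: 'High', abbreviation: 'H' }]))
+@properties.push(@subsequent_system_confidentiality =
+CvssProperty.new(name: 'Subsequent System Confidentiality Impact', abbreviation: 'SC',
+values: [{ name: 'None', abbreviation: 'N' },
+{ name: 'Low', abbreviation: 'L' },
+{ name: 'High', abbreviation: 'H' }]))
+@properties.push(@subsequent_system_integrity =
+CvssProperty.new(name: 'Subsequent System Integrity Impact', abbreviation: 'SI',
+values: [{ name: 'None', abbreviation: 'N' },
+{ name: 'Low', abbreviation: 'L' },
+{ name: 'High', abbreviation: 'H' }]))
+@properties.push(@subsequent_system_availability =
+CvssProperty.new(name: 'Subsequent System Availability Impact', abbreviation: 'SA',
+values: [{ name: 'None', abbreviation: 'N' },
+{ name: 'Low', abbreviation: 'L' },
+{ name: 'High', abbreviation: 'H' }]))
+end
+end
+end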
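Review bot: `Cvss40Base#score` does not document what happens to the metrics it leaves out. As far as this file shows, the hash it builds holds only the eleven base metrics pushed in `init_properties`, so a correct base score depends on `Cvss40CalcHelper` (not visible in this section) treating the absent threat and environmental keys as Not Defined. I would state that above the method, e.g. `# Passes only the base metrics; Cvss40CalcHelper is expected to treat every missing metric as Not Defined (X).`, and confirm it against the helper. The method body is also identical to `Cvss40AllUp#score`, so a single shared implementation would keep the two from drifting apart.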